Social Icons

Pages

Thursday, July 31, 2014

The ever increasing cyber security challenge

One of the greatest changes in the last 10 years is that as a society we have become very reliant on being connected. This offers many benefits but also leads to a major security threat, and a recent IDC survey of over 1,300 businesses found that IT security has become their top priority for the year.

Ten years ago a cyber attack would have most likely been an annoyance. A computer worm would infect our PCs, and perhaps delete a few files. Nobody made much money out of that, with the exception being the security vendors who sold anti-virus software.

Today, targeted attacks are initiated and conducted by malicious insiders, professional criminals and even foreign government agencies. They have a very direct and real impact on a business's bottom line, and on businesses' brands.

Targeted attacks can also cause real disruption to a country's infrastructure and utilities.

Furthermore, the borderless nature of the internet also makes it very difficult for law enforcement to pursue and charge cyber criminals, and our reliance on being connected is only going to increase - raising the security risk.

Governments and businesses must have several key elements in place to defend against targeted attacks. Firstly, they need a robust data classification process that shows the importance of different elements of data and how they must be protected. Then they need the data protection itself, for the different classification levels.

Identity and access management are also crucial in making sure only the right people have access to the right data at the right time. Transparency is equally vital: including active participation in bodies that encourage greater information sharing on cyber threats.

Outside and inside threats

The main threats most businesses face in today's connected economy are targeted attacks. These are deliberate attacks conducted by professional cyber criminals aimed at either making money from the attack or retaliation against businesses' recent activities. Today's cyber criminals have the means to engage in protracted campaigns against a single or multiple businesses.

Cyber criminals also have a vast array of reconnaissance tools at their disposal to prepare for an attack, and one of the primary tools is social media sites such as Facebook and LinkedIn. Information gained from these sites, such as employees working at a particular business, their job titles, and even when they are on holiday, can all be used as a platform to launch an attack.

Another facet of a targeted attack can stem from a legitimate business employee: the malicious insider, and it can be argued that the malicious insider is perhaps more dangerous than a cyber criminal - a business's employee already has access to the infrastructure and data. Should that employee choose to become malicious, it would be very easy to steal and expose or sell data. Former US National Security Agency contractor Edward Snowden's famous revelation, that the agency was harvesting citizen phone call data and snooping on foreign leaders, is a prime example of how much damage one person can do to an organisation.

Web warfare

A country's national infrastructure and utilities face similar threats to that of businesses.

In addition to the cyber criminal and the potential of a malicious insider, targeted attacks on national infrastructure and utilities can also originate from government agencies seeking to disrupt a foreign nation it views as hostile.

An example of this type of attack is the Stuxnet virus, allegedly created by the US and Israeli agencies to attack Iran's nuclear facilities.

Given a country's economic reliance on being connected, particularly with regards to developed nations, cyberwar is a very real threat.

In the future, cyber attacks will be used as a fourth method of attack - the others being Air, Land and Sea. A very recent example of this was during the recent Crimea tension: at its most heightened period, there was a signifiant increase in the number and severity of cyber attacks between Russia and Ukraine.

As the global environment changes, the defence against national cyber attacks, criminal attacks and insider threats will be key to security. Organisations recognise the threat, but must effect very extensive work if they are to meet the challenge.